git.samba.org / samba.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fuzzing: fix fuzz_stable_sort_r_unstable comparison
[samba.git] / wscript_configure_system_gnutls
diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
index 2ec217fb9dc57806f1ef12988482473e9e171461..f62de5560d6393b4864d768432078287a963e314 100644 (file)
--- a/wscript_configure_system_gnutls
+++ b/wscript_configure_system_gnutls
@@ -1,9 +1,13 @@
-from waflib import Options
+import os
 
 def parse_version(v):
     return tuple(map(int, (v.split("."))))
 
-gnutls_min_required_version = "3.4.7"
+gnutls_min_required_version = "3.6.13"
+
+conf.CHECK_FUNCS('getrandom', headers='sys/random.h')
+if not conf.CONFIG_SET('HAVE_GETRANDOM'):
+   gnutls_min_required_version = "3.7.2"
 
 gnutls_required_version = gnutls_min_required_version
 
@@ -12,17 +16,12 @@ conf.CHECK_CFG(package='gnutls',
                      msg='Checking for GnuTLS >= %s' % gnutls_required_version,
                      mandatory=True)
 
-gnutls_version = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip()
+gnutls_version_str = conf.cmd_and_log(conf.env.PKGCONFIG + ['--modversion', 'gnutls']).strip()
+gnutls_version = parse_version(gnutls_version_str)
 
 # Define gnutls as a system library
 conf.SET_TARGET_TYPE('gnutls', 'SYSLIB')
 
-# Check for gnutls_pkcs7_get_embedded_data_oid (>= 3.5.5) required by libmscat
-conf.CHECK_FUNCS_IN('gnutls_pkcs7_get_embedded_data_oid', 'gnutls')
-
-# Check for gnutls_set_default_priority_append (>= 3.6.3)
-conf.CHECK_FUNCS_IN('gnutls_set_default_priority_append', 'gnutls')
-
 # Check for gnutls_aead_cipher_encryptv2
 #
 # This is available since version 3.6.10, but 3.6.10 has a bug which got fixed
@@ -32,19 +31,37 @@ conf.CHECK_FUNCS_IN('gnutls_set_default_priority_append', 'gnutls')
 #
 # 3.6.10 - 3.6.14 have a severe memory leak with AES-CCM
 #     https://gitlab.com/gnutls/gnutls/-/merge_requests/1278
-if (parse_version(gnutls_version) > parse_version('3.6.14')):
-    conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls')
-
-# Check if we have support for crypto policies
-if conf.CHECK_FUNCS_IN('gnutls_get_system_config_file', 'gnutls'):
-    conf.DEFINE('HAVE_GNUTLS_CRYPTO_POLICIES', 1)
-
-if conf.CHECK_VALUEOF('GNUTLS_CIPHER_AES_128_CFB8', headers='gnutls/gnutls.h'):
-    conf.DEFINE('HAVE_GNUTLS_AES_CFB8', 1)
-else:
-    Logs.warn('No gnutls support for AES CFB8')
-
-if conf.CHECK_VALUEOF('GNUTLS_MAC_AES_CMAC_128', headers='gnutls/gnutls.h'):
-    conf.DEFINE('HAVE_GNUTLS_AES_CMAC', 1)
-else:
-    Logs.warn('No gnutls support for AES CMAC')
+if (gnutls_version > parse_version('3.6.14')):
+      conf.DEFINE('ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_CCM', 1)
+
+# GNUTLS_CB_TLS_SERVER_END_POINT is available with
+# 3.7.2
+if (gnutls_version >= parse_version('3.7.2')):
+      conf.DEFINE('HAVE_GNUTLS_CB_TLS_SERVER_END_POINT', 1)
+
+# Check if gnutls has fips mode support
+# gnutls_fips140_mode_enabled() is available since 3.3.0
+fragment = '''
+#include <gnutls/gnutls.h>
+#include <stdlib.h>
+
+int main(void)
+{
+    unsigned int ok;
+
+    ok = gnutls_fips140_mode_enabled();
+
+    return !ok;
+}
+'''
+
+os.environ['GNUTLS_FORCE_FIPS_MODE'] = '1'
+conf.CHECK_CODE(fragment,
+                'HAVE_GNUTLS_FIPS_MODE_SUPPORTED',
+                execute=True,
+                addmain=False,
+                add_headers=False,
+                lib='gnutls',
+                msg='Checking for gnutls fips mode support')
+del os.environ['GNUTLS_FORCE_FIPS_MODE']
+
Samba Shared Repository